CVE-2026-0114 | In Modem, there is a possible out of bounds write due to an … | CVSS 9.8 CRITICAL

Description

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Metadata

CVE ID: CVE-2026-0114
State: PUBLISHED
Assigner: Google_Devices
Reserved: 2025-10-23 08:43 UTC
Published: 2026-03-10 20:46 UTC
Last updated: 2026-03-12 03:55 UTC
Primary CWE: CWE-787
CWE-787 Out-of-bounds Write
Vendor / Product: Google / Android
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Google	Android	—	Android kernel

Weakness (CWE)

CWE	Source	Description
—	cna	Remote code execution
CWE-787	adp	CWE-787 Out-of-bounds Write

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://source.android.com/docs/security/bulletin/2026/2026-03-01